E-Commerce Made Easy

Whether you work for a large Fortune 500 company or a small start-up, chances are that most of your application engineers are embroiled in the support and maintenance of your online store.

And no wonder.

Given the complexity of most e-commerce deployments — mixes of hefty portions of business logic, hardware, and software — it’s rare to find a company not struggling with heady infrastructure issues such as reliability, performance, accuracy, and cost.

But as in other areas, open source can provide some much-needed relief. Based on LAMP — the combination of Linux, Apache, MySQL, and a scripting language such as Perl, PHP, or Python — a number of open source solutions can bootstrap, augment, or even substantially replace your own e-commerce efforts.

In this month’s “LAMP Post,” let’s explore osCommerce, a freely available and robust e-commerce solution. Freed from reinventing the storefront and shopping cart (and other features described in the sidebar “A La Cart”), you can focus on the unique aspects of your business.

A La Cart

While products and business models vary from one company to the next, the business of conducting business online is largely uniform: track inventory, accept payments, manage customers, calculate appropriate taxes and shipping expenses, maintain a web site, and so on.

If you’re evaluating an e-commerce solution — be it open source or proprietary — here are the fundamental features to look for:

* Inventory management tracks products on-hand.

* Transaction processing handles payments, including offline or real-time credit card processing, and online, third party payment processing services such as Paypal.

* Localization calculates proper retail taxes and shipping expenses based on the customer’s location.

* Customer management provides order status and allows you to communicate with customers.

* Pricing and discounting assigns special pricing and discounts to inventory items, and provides and redeems customer coupons.

* Media management and templating manages the content of the catalog and the content of the site. Most content systems can upload product images and craft templates for a variety of catalog pages.

* Work flow and scenario planning builds a shopping experience, including coupon offers, promoting complementary products, and click-path analysis.

Of course, the front-end, the user experience, must also be robust and provide basic features such as a shopping cart, searching, account and profile management, language and currency internationalization, and order history. A robust e-commerce solution addresses all of these needs.

Cash, Check, or Charge?

Perhaps osCommerce is best described by this one-liner taken from the project’s web site at http://www.oscommerce.com:

osCommerce is an online shop, e-commerce solution. It offers a wide range of out-of-the-box features, allowing online stores to be set up fairly quickly and easily.

As we go to press, osCommerce boasts 1,395 live deployments and offers hundreds of free add-on modules and language packs. Better yet, osCommerce is written in PHP, is licensed under the GNU General Public License, and can be installed on any platform that supports Apache, MySQL, and PHP, including Linux, BSD, Solaris, and Windows. (For this article, the test host was running Linux kernel 2.4.20-8, Apache 1.3.28, PHP 4.3.4, mod_ssl 2.8.15-1.3.28, OpenSSL 0.9.7a, and MySQL 4.0.14-standard.)

Getting the package up and running is quite easy, especially with osCommerce’s nifty new installer. However, before you deploy osCommerce and begin accepting credit card or other personal information, it’s highly recommended that you install and enable SSL in Apache, obtain a valid, signed certificate from a widely-recognized certificate authority such as Verisign, and verify the proper operation of SSL.

Installing osCommerce

The latest version of osCommerce, 2.2 Milestone 2, can be retrieved from http://www.oscommerce.com/solutions/downloads. After you download the tarball, verify its MD5 checksum by matching the output of md5sum with the checksum on the osCommerce download page. If the checksum’s correct, unpack the tarball to create a directory named oscommerce-2.2ms2.

Within that directory, you’ll find a number of items including detailed installation instructions, a copy of the GPL, and a catalog directory that contains the entire osCommerce application. Copy the catalog directory to your web root path. Assuming that $WEBROOT points to the root of your web site (for example, /usr/local/apache/htdocs/), the following commands should do the trick:

# cd oscommerce-2.2ms2
# cp -R catalog $WEBROOT

The administration of osCommerce is performed via a separate PHP web application located in the admin directory under the catalog directory. To keep your site safe and secure, be sure to run the administration application within a locally-accessible virtual host. You may need to manually configure this within the administration configuration file, typically found in $WEBROOT/catalog/admin/includes/configure.php.

Before you install osCommerce, you need to create a MySQL database user with sufficient privileges to create and configure a new database. For initial installation, give this user SELECT, INSERT, UPDATE, DELETE, CREATE, and DROP permissions.

For example, on the test system, the osCommerce user www_user was created in the MySQL shell as follows:

mysql> grant select, insert, update,
    -> delete, create,
    -> drop on catalog.*
    -> to www_user@localhost identified
    -> by "dwsfp2394uds!f";

For security, once the installation is complete, you can revoke the CREATE and DROP privileges.

The next pre-installation step is to ensure that the proper file permissions are set within your application. To do that, perform the following steps on your web server:

# cd $WEBROOT/catalog/includes/
# touch configure.php
# chmod 706 configure.php
# cd $WEBROOT/catalog/
# chmod 777 images

If you’re letting the installer set up the administration directory, then you must also perform the following steps to give the administration configuration file the proper file permissions:

# cd $WEBROOT/catalog/admin/includes/
# touch configure.php
# chmod 706 configure.php

When you’re finished with initial configuration, open up your favorite web browser and go to http://your_site/catalog/install/index.php. Select “Install” and check the box to import the catalog database, which creates the database and imports sample data. Make sure to also select the automatic configuration box, which writes the configuration information to the appropriate files on your web server.

Follow the installation process in the browser, making sure to specify the local MySQL user you created earlier. After a test connection is made, the installer creates the table structure and imports the sample data. Do not interrupt this process.

Next, you must set a series of variables to get the store working properly, including your Internet address, the root directory of your web site, cookie information, and more. The installer tries to guess most of this information to provide reasonable defaults, but you can fine-tune the variables along the way, if necessary. The final page of the installer directs you to the administration application where you can begin setting up your store.

After installation is complete, it’s a good idea to clean up the install directories and reset permissions for your configuration scripts. Either delete or move the install directory to an offline location, and then make sure the configuration file can’t be edited by just anyone.
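The cleanup described above can be checked mechanically. The following script is an added example, not part of osCommerce or the original article; the function names are hypothetical, and it assumes the directory layout and the chmod 706 step used earlier in this section.

```shell
#!/bin/sh
# Post-install audit for an osCommerce catalog tree (added example).

# True if the mode of $1 grants write permission to group or others.
writable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Print one line per finding; the return status is the number of findings.
audit_catalog() {
    catalog=$1
    findings=0

    # The installer can rewrite the store configuration, so it must not
    # stay reachable once setup is done.
    if [ -d "$catalog/install" ]; then
        echo "FAIL: $catalog/install is still present"
        findings=$((findings + 1))
    fi

    # Both files were opened up with chmod 706 for the installer.
    for cfg in "$catalog/includes/configure.php" \
               "$catalog/admin/includes/configure.php"; do
        [ -f "$cfg" ] || continue
        if writable_by_others "$cfg"; then
            echo "FAIL: $cfg is writable by group or others"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: a tree in the state the install steps above leave behind.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/install" "$d/includes" "$d/admin/includes"
    touch "$d/includes/configure.php" "$d/admin/includes/configure.php"
    chmod 706 "$d/includes/configure.php" "$d/admin/includes/configure.php"
    echo "$d"
}

# With an argument, audit that catalog directory.
if [ "$#" -gt 0 ]; then audit_catalog "$1"; fi
```

The findings clear once the install directory is gone and the group and other write bits are removed from both configure.php files.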

osCommerce in Action

A good way to get familiar with osCommerce is to work with the administration application and the sample data that’s pre-loaded during installation.

To begin, click on the “Configuration” tab and set options such as your store name, country, time zone, layout options, image parameters, base shipping costs, default inventory actions, and so on.

Next, and before you begin building a catalog, you need to make some decisions about three important features: payment authorization, localization, and shipping options.

Click on the “Modules” tab and then the “Payment” module and choose what payment options you’d like to honor. While it might seem a good idea to honor every payment gateway available, from Paypal to SECPay, it’s usually best to keep things as simple as possible and honor only one or two.

If you select the “Credit Card” module, it will accept customers’ credit card numbers online and either submit them to the database or split up the credit card number, sending half to the database and the other half to a specified email address. (Splitting the credit card numbers may tighten your security, but email is not a guaranteed transport and you may end up asking your customers to re-submit their orders because of lost credit card information.) In either case, the system stores credit card numbers in plain-text. As such, database security is mandatory, so get those iptables firewalls up and running!

Within the “Localization” tab, you’ll find options to provide your catalog in a number of different languages and display prices in a number of world currencies. One neat feature within the “Currencies” tool is real-time currency conversion via the Oanda.com foreign exchange service. Finally, you can offer a number of shipping options and set shipping prices and policies within the “Shipping” module.

Once you’ve defined the base configuration options, it’s time to dive into the meat and potatoes of the system, the product catalog itself. Select the “Catalog” tab to display the product hierarchy. Here, you can create new product categories, add new products, upload images, assign products to categories, set and administer prices, and edit user reviews.

To see the front-end of your new store at any time, just point your browser to http://your_site/catalog/index.php.

As your store begins to take orders and your customer base grows, you’ll spend a lot of time within the “Customers” tab. In it, you process orders and review and edit customer information.

Another useful tool included with osCommerce is the Newsletter Manager. Found under the “Tools” tab, the Newsletter Manager allows you to send newsletters or product notification emails to your opt-in customers.

The Who’s Online feature, also under “Tools,” shows you who’s currently browsing your site and can even show you what’s in their shopping carts.

As customers begin to use your new site, new features will crop up in the front-end system. A “Best Sellers” block will appear on your home page, highlighting the most popular products sold to date. Also, the collaborative filter will appear on appropriate product pages to highlight similar items. One filter is the ubiquitous “Customers who purchased this item, also purchased these items…” that cross-sells similar or complementary products.

What’s Next?

It’s a good idea to investigate some of the community-donated osCommerce modules. There are a few that handle credit card encryption, like the GPG Credit Card Encryption package, which encrypts credit card numbers and sends them via email to a specified email address. The full directory of osCommerce contributions can be found at http://www.oscommerce.com/community/contributions.

You may have noticed that there’s no security implementation or access control list for osCommerce’s administration interface. You’ll want to ensure that all access to the administration application is done via SSL and that you have a .htaccess file set up for its directory.
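One way to set up that .htaccess file, as an added example that is not from osCommerce or the original article: the function name, realm string, and password-file location are assumptions, and Apache must allow AuthConfig overrides for the admin directory.

```shell
#!/bin/sh
# Write an .htaccess that limits the osCommerce admin directory to
# SSL requests from authenticated users (added example).
# Usage: protect_admin <admin_dir> <web_root> <password_file>

protect_admin() {
    admin_dir=$1; webroot=$2; pwfile=$3

    [ -d "$admin_dir" ] || { echo "no such directory: $admin_dir" >&2; return 1; }

    # Resolve both locations so ../ segments or symlinks cannot hide
    # a password file that really lives under the web root.
    root_real=$(cd "$webroot" && pwd -P) || return 1
    pw_real=$(cd "$(dirname "$pwfile")" && pwd -P) || return 1

    # A password file under the web root could be served to a browser.
    case "$pw_real/" in
        "$root_real"/*)
            echo "refusing: $pwfile is inside the web root" >&2
            return 2 ;;
    esac

    cat > "$admin_dir/.htaccess" <<EOF
# Reject any request that did not arrive over SSL (mod_ssl directive).
SSLRequireSSL
# HTTP Basic authentication; the realm name is an assumption.
AuthType Basic
AuthName "osCommerce Administration"
AuthUserFile $pw_real/$(basename "$pwfile")
Require valid-user
EOF
    chmod 644 "$admin_dir/.htaccess"
}

# With three arguments, protect that admin directory.
if [ "$#" -eq 3 ]; then protect_admin "$1" "$2" "$3"; fi
```

The password file itself is created separately with Apache’s htpasswd utility.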

Currently, osCommerce uses the underlying filesystem to store site text. For example, you can edit the home page text in one of two ways: either edit the file $WEBROOT/catalog/includes/languages/english/index.php or enter the administration system and browse to “Localization,” (then select a language), “Details,” and index.php. Text is defined in the following manner:

define('TEXT_MAIN', 'This is a default setup of the osCommerce project…');

For further assistance with the osCommerce platform, read the online documentation located at http://wiki.oscommerce.com and the forum located at http://forums.oscommerce.com.

While osCommerce has many strengths, one of its most glaring omissions is a templating system. It’s quite easy to pick out which online stores are using osCommerce as most of them look exactly alike! Indeed, the most-requested osCommerce feature is a templating system. Rumor has it that version 3, due sometime in the not-too-distant future, will deliver something useful.

There are several other e-commerce packages available on SourceForge (http://sourceforge.net); however, none of them comes close to the features — core and contributed — provided by osCommerce. In fact, many other SourceForge e-commerce projects are just off-shoots of the osCommerce project with slight modifications and plug-ins from the original.

So, if you’re looking for an open source e-commerce solution that has many of the features available within proprietary, commercial platforms, then look no further: osCommerce is the tool for the job.

So, What’s Out There?

Each of the big Java application server vendors, IBM (Websphere), BEA (Weblogic), and ATG (Dynamo), offers packages designed specifically for e-commerce. Each product — like ATG’s e-Business Application Suite — provides all of the features listed in the sidebar “A La Cart,” and each vendor offers 24/7 support, enhancements, bug and security fixes, and most importantly, an API that allows you to extend the base platform with your own custom-built components.

Costs range from a quarter-million bucks to a cool million, depending on the “bells and whistles” and maintenance contract you select, but that price excludes the other hardware and software required to construct an entire three-tier architecture. Web servers, database servers, database software, and networking gear add to the total cost. If the demands of your business require and substantiate the expense for a Java-based solution, one of these commercial solutions may be your best bet.

However, based on first-hand experience, a significant expense does not necessarily translate to significant results (counter to what most IT executives think). Often, classic three-tier deployments aren’t constructed to handle a lot of traffic. Indeed, in many cases, most of these sites’ visitors can be easily handled on only one host.

Michael Bordash is an integration specialist, writer and programmer. His company, IP-soft.net, provides services for Fortune 1000 companies. In addition, he is the founder of InternetDJ.com. You can reach Michael at michael@bordash.com.
